E-Safety and Computer Security Rules Process / Signatures Portfolio Team Portfolio Team Lead Principal Chair of Governors Behaviour Safety & Ethos Mrs K Mitford Dr J V Edwards Mrs K Mitford Presented 2 June 2014 Date Agreed 02 June 2014 Date Ratified 11 June 2014 Date Ratified 11 June 2014 Date Policy date / updated: May 2014 Review date: May 2015 1
E-safety and computer security rules summary This booklet is designed as a summary of the Academy e-safety policies and data protection policy for all staff and the wider academy community. 2
Contents Page 3 What is e-safety? Page 3 E-safety in teaching what to watch out for Page 4 E-safety what expertise do I need? Page 5 E-safety in personal life Page 6 Protecting logon details Page 6 Protecting information Page 7 Protecting computer equipment Page 7 - Avoiding computer virus Page 8 Using email Page 9 Appendix one (Acceptable use policy for staff) Other Academy policies for reference: Data protection policy E-safety policy Acceptable use policy for staff Social media guidelines These documents are available on the academy intranet. 3
What is e-safety? Ofsted defines e-safety as: The school s ability to protect and educate pupils and staff in their use of technology and to have the appropriate mechanisms to intervene and support any incident where appropriate. Three particular e-safety risks for inspections are: Being exposed to illegal, inappropriate or harmful material, being subjected to harmful online interaction with other users, and personal online behaviour that increases the likelihood of, or causes, harm. Teachers need to be able to ensure that: All groups of pupils feel safe at school, understand very clearly what constitutes unsafe situations and are highly aware of how to keep themselves and others safe. E-safety is particularly relevant to ICT and PSHE, but it also permeates any subject or activity which makes use of the internet. Why staff members should be concerned about e-safety All teachers have a duty of care to the pupils they teach. Teachers act in loco parentis and are legally responsible for all aspects of pupil safety, including online safety, whilst in school. Any activity involving internet use needs to be carefully planned and assessed for risk to minimise the possibility of an e-safety incident. E-safety in teaching what to watch out for Teachers need to be aware of the latest trends in children s use of the internet particularly in relation to our school and the children you teach. For example, which social networking platforms and blogging/questions/sharing websites are popular in your school? Local trends might not match national trends. In one school Facebook usage might be prevalent, in another Twitter might be predominant. Tumblr might dominate in one setting while ask.fm might be a craze elsewhere. Knowing what your children are using helps ensure your pastoral advice and e-safety planning can be pre-emptive. Knowing what could happen makes it easier to know how to prevent it happening. Teachers knowledge of e-safety should not just be limited to prevention strategies. If a child points out inappropriate, bullying or illegal content, teachers should be aware of the procedures to report and remove the offending content. Firstly, this requires the teacher to be completely familiar with the academy s policy with regard to reporting incidents. Teachers need to be aware who to contact and how to preserve evidence, if required. Teachers, acting in loco parentis, also need to be aware of how a school can request removal of content, especially with social media websites such as Facebook. 4
E-safety What expertise do I need? Teachers need to become experts in offering age-appropriate advice and guidance to their classes, and parents, with regard to: Unwanted internet contact: Preventing online grooming and teaching pupils how to report instances and remove any damaging content. Cyber bullying - how to avoid, prevent, and deal with instances of cyber bullying, and how to report and remove offensive material created as a result of cyber bullying. Inappropriate internet content: How to avoid, report and delete content which may be: pornographic, illegal, obscene, violent or likely to incite racial or religious hatred. How to avoid and report content which encourages illegal or dangerous activity by pupils, or is simply age-inappropriate. How to set a good example with regard to downloading software safely, avoiding viruses, adhering to copyright law and knowing whether information is reliable and valid or not. Privacy: How to ensure social networking content stays private and doesn t end up in search results years later. How to ensure passwords are strong, password-protected information, such as banking details or parental online shopping details remain safe. How to prevent and deal with junk mail and spam, and also how to spot internet scams and phishing emails and messages. Understanding how websites store and track data which might be used for valid marketing reasons, or abused to create spam or facilitate identity theft. Mobile phones and devices: Understanding how difficult it is to remove tracking data from mobile phones and how important it is to safeguard privacy on mobile devices more so than on laptops or PCs. To be aware of high-cost premium-rate services, and the more general costs involved in operating a mobile device. Understanding how mobile chat services such as Skype or Apple Facetime work, snapchat, what information is stored and logged, and why there is no such thing as anonymous chat. 5
E-safety in teachers personal life ensuring your web habits at home don t impact on your reputation at school. Avoid using a school laptop or your school internet access for personal reasons. Why? Because it will reflect your internet usage, whether appropriate or inappropriate, in subtle and often difficult to control ways. For example, browsing habits are stored in cookies, traffic data, logs and profile archives. Due to the security settings applied to school laptops and school network accounts, won t have the facility to delete cookies, or browse without cookies. Trackable data is used on every social media site, every search engine and many websites for advertising and demographic data. So if you browsed for washing machine price comparisons on your school laptop at the weekend, it s highly likely Google will serve adverts for washing machines in your history lesson on Monday. Similarly if you searched for holidays, jobs or beauty treatments, they will appear as adverts too. If inappropriate content was searched for that might appear. Similarly, suggested searches, pop-ups, search engine auto-complete fields and targeted news can also prove embarrassing when it reflects out-of-classroom internet habits. The way to avoid this is simple don t use a work account for personal browsing. The teacher s use of the internet has to set a good example to the pupils 6
Introduction Computer Security guidance Please remember: You can only use the academy s systems if you have been authorised to do so and you re no longer authorised when you leave the academy. We may monitor how you use the academy s systems to ensure compliance with all policies. If you break the rules, we ll treat it as a disciplinary matter and in some cases this may be gross misconduct resulting in dismissal. Protecting your logon details. You ll have at least one logon ID and a secret password to access the computer system. The purpose of the logon ID is to identify you as the owner of a computer account and your password proves you re entitled to use it. What must I do? Keep passwords secret Make sure your passwords are at least 6 characters long longer the better. Change your password regularly every month is best. Change your password immediately if you think someone has discovered it. What must I not do? Use a password that is easy to guess, write down a password and leave it where it might be seen. Never let pupils use your account. Protecting information There are some special rules about protecting information that you need to know, including your responsibilities under the Data Protection Act 1998. What must I do? Take all responsible precautions to protect academy information from theft, loss, damage or unauthorised use. Password protect documents that are leaving the academy electronically that contain data on students or staff. Never disclose academy information to anyone who isn t authorised to know it. Lock away confidential documents and computer media before leaving your workplace or stored securely at home. Paper copies of classified information must be shredded if it requires secure disposal Take care when printing out confidential documents. Collect printouts immediately. All electronic files containing classified information for pupils must be password protected. This really only applies when storing pupil data on a USB pen as at other times you will have a password for accessing the school system. Ensure that wherever possible your display screen cannot be viewed by persons not authorised to see the information. 7
Rooms/offices with wall displays showing classified information must be secure from the general public. Please be mindful of this when meeting pupils or parents. Mobile devices must be password protected if used for school purposes such as retrieving emails. What I must not do? Do not leave your computer logged on when you have left the workstation, as data can be directly accessed without password control. Protecting computer equipment We expect you to be careful with academy computer equipment, not only because of the cost of repair or replacement the information it contains is often far more valuable. What I must do? Take all reasonable precautions to protect equipment against theft, loss or damage. Secure mobile equipment when you aren t using it, including laptops and storage media. Preferably lock it out of sight in a drawer or cupboard. Report any loss or theft of academy equipment via the ICT helpdesk and report it to the academy business manager. What I must not do? Leave equipment unattended at anytime unless it is properly secured or locked away. Install software or hardware on your equipment, or make unauthorised changes. Store non-business related material (including personal photos, your own music, video files etc) on academy laptops or the academy network. Avoiding computer virus What must I do? Contact ICT support immediately if you think your computer might have a virus infection. Until ICT support have cleared it, don t let anyone use and don t switch it off unless told to do so. Contact ICT support immediately if the anti-virus software isn t updated or working properly. Use your anti-virus software to scan portable media for viruses before copying any files from them. What must I not do? Connect unauthorised equipment to the academy network as there is a high risk of transferring viruses. Tamper with anti-virus software, or any security measures on your equipment. Load software onto academy equipment unless it has been authorised by ICT support. 8
Using email Any email you receive from outside the academy may contain viruses hidden in file attachments or web links (URLs) What I must do? A school email address must be used for all school business. Follow normal business standards of communication remember email has the same legal status as other written communications. Delete any junk mail (spam) messages you receive. Create your own contact groups rather than sending unnecessary mails to all staff. What I must not do? Create wide-distribution E-mails (for example, to addressees throughout the academy) unless this form of communication is vital. Print out messages you receive unless you need a hard copy. Send an E-mail that the person who receives it may think is a waste of resources. Give out private home/personal e mail addresses to students or parents. Open an email you aren t sure about, even if it seems to be from someone you know viruses create spoof emails in order to spread. Use academy email to subscribe to non-business mailing lists, such as jokes or sports updates. Guidelines for writing emails Numbers of Emails - People feel overwhelmed by the number of emails they receive. Keep the use of email to a minimum. Staff Emailing Pupils Staff must only email pupils or parents where there is an Academy need to do so. Where there is a need, always: - Keep the email professional and do not disclose personal information. - Keep a copy of all emails sent. - Where possible, use blind cc so that others cannot see email address. Single Topic and Facts Where ever possible restrict email to a single topic, and only record facts and evidence-based opinions. This facilitates better record-keeping. Personal and Business Content - Do not mix personal and business content within the same email. Use Pars to email staff of a particular pupil. Don t just send out a blanket email to everyone. Email Title - Give emails a meaningful title in the Subject field. Re-title an email before forwarding if appropriate. Email Response Where ever possible reply to emails as soon as possible if the sender requires a response. (See communications blue print) Read Receipts - Only request read receipts where it is absolutely necessary. Do not set request read receipts as a default. 9
Sending an email does not guarantee it being received. If an important email has been sent to which you have received no reply, then it is recommended that you chase the email verbally. Large Emails - Do not send large emails (e.g. mails with large attachments) because they fill up their recipients mailbox 10